Message-ID: <1045152879.15028.5.camel@utd49554>
From: pauls at utdallas.edu (Paul Schmehl)
Subject: Unusual request

On Thu, 2003-02-13 at 07:58, Rapaille Max wrote:
> Hi,
> 
> I did this kind of demo 2-3 times already, with a Win2k SP2 and IIS.
> To add a layer, we just added a firewall between the ISS and the attacker PC ..  with just Port 80 incoming and, as (too)usual, All port open for outgoing...  Just using a unicode exploit, and then loading some tools, defacing web page, taking remote control, etc...  A lot of fun for Us, and great astonishment for the public..  Certainly with the firewall..  A lot of them where just saying, before the demo : We are secure, our integrator installed a firewall...  
> BTW, we also used some tools ike unicoder.pl and Upload.asp, to demonstrate, in a second time, how easy it is, even if you don't know what you do...
> 
> Good effect of awareness for those managers, engineers, etc...

That's precisely what I have in mind.

-- 
Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member

